Wednesday, April 30, 2008

Declassified NSA Document Reveals the Secret History of TEMPEST

Via Wired.com -

It was 1943, and an engineer with Bell Telephone was working on one of the U.S. government's most sensitive and important pieces of wartime machinery, a Bell Telephone model 131-B2. It was a top secret encrypted teletype terminal used by the Army and Navy to transmit wartime communications that could defy German and Japanese cryptanalysis.

Then he noticed something odd.

Far across the lab, a freestanding oscilloscope had developed a habit of spiking every time the teletype encrypted a letter. Upon closer inspection, the spikes could actually be translated into the plain message the machine was processing. Though he likely didn't know it at the time, the engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether.

Call it a TEMPEST in a teletype.

This story of how the United States first learned about the fundamental security vulnerability called "compromising emanations" is revealed for the first time in a newly-declassified 1972 paper TEMPEST: A Signal Problem (.pdf), from the National Security Agency's secret in-house journal Cryptologic Spectrum.

"There has always been speculation about TEMPEST coming out of the Cold War period," says Joel McNamara, author of Secrets of Computer Espionage: Tactics and Countermeasures, who maintained for years the best compilation of public information on TEMPEST. "But the 1943 Bell Labs discovery is roughly ten years earlier than I would have expected."

The unnamed Bell Telephone technician was the Alexander Graham Bell of a new, secret science, in which electronic eavesdroppers -- as far away as hundreds of feet from their target -- tune into radio waves leaking from electronic equipment to steal secrets.

Building on the breakthrough, the U.S. developed and refined the science in an attempt to spy on the Soviets during the Cold War. And it issued strict standards for shielding sensitive buildings and equipment. Those rules are now known to government agencies and defense contractors as TEMPEST, and they apply to everything from computer monitors to encrypted cell phones that handle classified information.

Until now, little has been known about when and how the U.S. government began trying to protect itself from this threat, and the NSA paper tells the story well.
